CVE-2013-1904

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2013-1904

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-1904.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2013-1904

Downstream

DEBIAN-CVE-2013-1904

Published

2014-02-08T00:55:05Z

Modified

2026-04-10T03:43:18.721973Z

Summary

[none]

Details

Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the value parameter for the genericmessage_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013.

References

http://lists.roundcube.net/pipermail/dev/2013-March/022328.html
http://sourceforge.net/p/roundcubemail/news/2013/03/security-updates-086-and-073/
http://habrahabr.ru/post/174423/
http://lists.opensuse.org/opensuse-updates/2013-04/msg00080.html
http://www.openwall.com/lists/oss-security/2013/03/28/8

CVE-2013-1904

Affected packages